Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.
Date of Graduation
Master of Science (MS)
Department of Computer Science
M. Hossain Heydari
The world is continually demanding more effective and intelligent solutions and strategies to combat adversary groups across the cyber defense landscape. Cyber Threat Intelligence (CTI) is a field within the domain of cyber security that allows organizations to use threat intelligence as a tool to proactively harden their defense posture. However, the volume of CTI is large, and it is often a daunting task for organizations to effectively consume, utilize, and apply it to their defense strategies. In this thesis we develop a machine learning solution, named RedAI, to investigate whether open-source intelligence (OSINT) can be effectively integrated into a working approach that accurately classifies cyber threat intelligence. By focusing on open-source and easily available resources, RedAI demonstrates how to use the Structured Threat Information Expression (STIX) language (OASIS, 2017) to objectify, collect, and integrate intelligence and align it to the MITRE ATT&CK framework (MITRE ATT&CK Enterprise, 2021). To test the accuracy of this solution, machine learning models were built from training data and then tested on separate test data to determine the model's effectiveness at classifying unknown threat intelligence. The results showed that RedAI could, with high accuracy, use OSINT cyber threat intelligence data to build a machine learning model and then classify unknown test threat intelligence. Based on these findings, it is apparent that organizations have the ability to leverage OSINT and advanced solutions to augment their cyber defense posture.
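As an added illustration of the STIX-to-ATT&CK alignment step the abstract describes (example code written for this page, not part of the RedAI thesis), the Python below parses a constructed STIX 2.1 bundle and turns each report into a (text, ATT&CK technique ids) training pair by following "uses" relationships to attack-pattern objects whose external_references carry mitre-attack ids. All object ids, names and report text are constructed sample values.

```python
import json
from collections import defaultdict
# Constructed STIX 2.1 bundle (sample data, not real ATT&CK objects).
BUNDLE_JSON = """{"type": "bundle", "id": "bundle--1", "objects": [
 {"type": "attack-pattern", "id": "attack-pattern--a1", "name": "Command and Scripting Interpreter",
  "external_references": [{"source_name": "mitre-attack", "external_id": "T1059"}]},
 {"type": "attack-pattern", "id": "attack-pattern--a2", "name": "Phishing", "external_references": [{"source_name": "mitre-attack", "external_id": "T1566"}]},
 {"type": "intrusion-set", "id": "intrusion-set--g1", "name": "Example Group"},
 {"type": "relationship", "id": "relationship--r1", "relationship_type": "uses",
  "source_ref": "intrusion-set--g1", "target_ref": "attack-pattern--a1"},
 {"type": "relationship", "id": "relationship--r2", "relationship_type": "uses",
  "source_ref": "intrusion-set--g1", "target_ref": "attack-pattern--a2"},
 {"type": "report", "id": "report--x1", "name": "Example Group campaign",
  "description": "Spearphishing emails delivered a PowerShell loader.",
  "object_refs": ["intrusion-set--g1"]}]}"""

def attack_ids(bundle):
    """Map attack-pattern STIX ids to the ATT&CK technique id in their external_references."""
    ids = {}
    for obj in bundle["objects"]:
        if obj.get("type") == "attack-pattern":
            for ref in obj.get("external_references", []):
                if ref.get("source_name") == "mitre-attack" and "external_id" in ref:
                    ids[obj["id"]] = ref["external_id"]
    return ids

def techniques_used(bundle):
    """Map each STIX object id to the ATT&CK ids reachable through 'uses' relationships."""
    by_pattern = attack_ids(bundle)
    used = defaultdict(set)
    for obj in bundle["objects"]:
        if obj.get("type") == "relationship" and obj.get("relationship_type") == "uses":
            tid = by_pattern.get(obj.get("target_ref"))
            if tid:  # ignore relationships that point at non-ATT&CK or unknown objects
                used[obj["source_ref"]].add(tid)
    return used

def labeled_reports(bundle_json):
    """Return (report text, sorted ATT&CK ids) pairs suitable as classifier training data."""
    bundle = json.loads(bundle_json)
    used, by_pattern = techniques_used(bundle), attack_ids(bundle)
    pairs = []
    for obj in bundle["objects"]:
        if obj.get("type") == "report":
            labels = set()  # a report inherits the techniques of every object it references
            for ref in obj.get("object_refs", []):
                labels |= used.get(ref, set()) | ({by_pattern[ref]} if ref in by_pattern else set())
            pairs.append((obj.get("description", ""), sorted(labels)))
    return pairs
```

Running `labeled_reports(BUNDLE_JSON)` on the sample bundle yields one pair labelled T1059 and T1566, the techniques the referenced group "uses"; the same pairs, built from real ATT&CK STIX data, are what a text classifier would be trained on.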
Noel, Luke, "RedAI: A machine learning approach to cyber threat intelligence" (2021). Masters Theses, 2020-current. 81.